Office 365 ransomware spreads using Outlook’s help

Office 365 is one of the most widely used productivity suites in the world, counting 22.2 million subscribers. But Office 365’s popularity puts in a prime position for malicious users to try and exploit.

According to Avanan security company, there’s a new ransomware going around that affects Office 365 users, relying on macros and Cerber ransomware to hijack your computer and prevent file access.

Ransomware encrypts your data and prevents you from accessing it unless you pay a certain fee to the hacker, usually playing the ransom message over your audio system and demanding 1.24 Bitcoin in order to unlock them.

This ransomware spreads through Outlook disguised as an invoice document. By opening the email, you’ll see an error message saying that the document was created by older version of Office, and in order to view the document you have to enable certain content. By enabling the content, you’ll allow ransomware to take over your PC and lock your files.

If your computer is infected by this ransomware, security experts advise not paying the ransom under any circumstances. Instead, reinstall Windows 10 or restore it from a backup and delete the malicious email and attachment.

This attack first appeared on June 22nd, but fortunately Microsoft was quick to respond. On June 23rd, it started blocking the malicious attachment. Security company Avanan reported that roughly 57% of organizations that use Office 365 received the malicious attachment, although the exact number of affected users remains unknown.

Ransomware such as this can be extremely dangerous, therefore be sure not to open any emails or attachments that come from unknown email addresses.